CVE-2025-52559 - CERT CVE
ID CVE-2025-52559
Sažetak Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topic names and channel names. This issue has been fixed in Zulip Server 10.4. A workaround for this issue involves denying access to /digest/.
Reference
CVSS
Base: 6.8
Impact: 4.0
Exploitability:2.3
Pristup
VektorSloženostAutentikacija
NETWORK LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Zadnje važnije ažuriranje 02-07-2025 - 20:15
Objavljeno 02-07-2025 - 20:15